diff --git a/0008-Prevent-integer-overflow-or-wraparound-CVE-2024-4549.patch b/0008-Prevent-integer-overflow-or-wraparound-CVE-2024-4549.patch
new file mode 100644
index 0000000..c0ce3e5
--- /dev/null
+++ b/0008-Prevent-integer-overflow-or-wraparound-CVE-2024-4549.patch
@@ -0,0 +1,40 @@
+From d15ba056c15db75c9153fda27a62b1a6cfb8196e Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 9 Sep 2024 14:35:28 -0400
+Subject: [PATCH] Prevent integer overflow or wraparound CVE-2024-45491
+
+An issue was discovered in libexpat before 2.6.3. dtdCopy in
+xmlparse.c can have an integer overflow for nDefaultAtts on
+32-bit platforms (where UINT_MAX equals SIZE_MAX).
+
+Backported from upstream https://github.com/libexpat/libexpat/pull/891
+
+Resolves: RHEL-57519
+---
+ lib/expat/xmlparse/xmlparse.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
+index 359267a..40f753b 100644
+--- a/lib/expat/xmlparse/xmlparse.c
++++ b/lib/expat/xmlparse/xmlparse.c
+@@ -1020,6 +1020,16 @@ static int dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd)
+     if (!newE)
+       return 0;
+     if (oldE->nDefaultAtts) {
++      /* Detect and prevent integer overflow.
++       * The preprocessor guard addresses the "always false" warning
++       * from -Wtype-limits on platforms where
++       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++      if ((size_t)oldE->nDefaultAtts
++          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
++        return 0;
++      }
++#endif
+       newE->defaultAtts = (DEFAULT_ATTRIBUTE *)
+           malloc(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
+       if (!newE->defaultAtts)
+-- 
+2.45.0
+
diff --git a/xmlrpc-c.spec b/xmlrpc-c.spec
index 2002cd0..b8a37ab 100644
--- a/xmlrpc-c.spec
+++ b/xmlrpc-c.spec
@@ -6,7 +6,7 @@
 
 Name:           xmlrpc-c
 Version:        1.51.0
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        Lightweight RPC library based on XML and HTTP
 # See doc/COPYING for details.
 # The Python 1.5.2 license used by a few files is just BSD.
@@ -29,6 +29,7 @@ Patch104:       0004-Add-missing-validation-of-encoding-CVE-2022-25235.patch
 Patch105:       0005-lib-Prevent-more-integer-overflows-CVE-2022-22822-to.patch
 Patch106:       0006-Prevent-integer-overflow-on-m_groupSize-in-doProlog-.patch
 Patch107:       0007-Address-segfault-found-in-CVE-2023-52425.patch
+Patch108:       0008-Prevent-integer-overflow-or-wraparound-CVE-2024-4549.patch
 
 # Backported patches
 # https://sourceforge.net/p/xmlrpc-c/code/2981/
@@ -197,6 +198,9 @@ tar xf %{SOURCE1}
 %{_bindir}/xmlrpc_dumpserver
 
 %changelog
+* Thu Sep 19 2024 Rob Crittenden <rcritten@redhat.com> - 1.51.0-10
+- Prevent integer overflow or wraparound, CVE-2024-4549 (RHEL-57519)
+
 * Thu Apr 25 2024 Rob Crittenden <rcritten@redhat.com> - 1.51.0-9
 - Address segfault found in CVE-2023-52425 (RHEL-24226)